How severe is CVE-2026-21502?

CVE-2026-21502 has a CVSS v3 score of 5.5 (MEDIUM).

CVE-2026-21502

Name: iccdev
Author: color

5.5MEDIUM

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL poin

Published: 1/7/2026Updated: 1/9/2026

Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2.

AI AnalysisPowered by AI

Affected Products

coloriccdev

References

https://github.com/InternationalColorConsortium/iccDEV/commit/d04c236775e89a029f93efcc242fdb1fbc245a1c
Patch
https://github.com/InternationalColorConsortium/iccDEV/commit/d9e42a1fb2606e25e498eb94f34f6da89f522e35
Patch
https://github.com/InternationalColorConsortium/iccDEV/issues/368
ExploitIssue Tracking
https://github.com/InternationalColorConsortium/iccDEV/pull/407
Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-67r8-q3mh-42j6
Third Party Advisory